Bug#870725: CVE-2017-11721: read buffer overflow in MSG_ReadBits

Simon McVittie smcv at debian.org
Thu Aug 10 18:29:52 UTC 2017 

On Sat, 05 Aug 2017 at 12:24:19 +0100, Simon McVittie wrote:
> Again, I don't have time to handle this for stable right now, so
> security or games team members are very welcome to do so. I'll prepare
> a stable update during Debconf if nobody gets there first, assuming I
> can find a stable user willing to test a game from contrib.

I have prepared proposed stable-security updates and borrowed a
stable machine to smoke-test them (thanks to Andy Simpkins). I forget
whether you're interested in fixing contrib or not, so I'm doing iortcw
as well as ioquake3 (openjk is experimental-only so is not relevant here).
Let me know if I should redirect the iortcw update to the release team.

Here is some text which might be useful for a DSA:

----8<----

A read buffer overflow was discovered in the idtech3 (Quake III Arena)
family of game engines. This allows remote attackers to cause a denial
of service (application crash) or possibly have unspecified other impact
via a crafted packet. (CVE-2017-11721)

In Debian, this issue affects the ioquake3, iortcw and openjk packages.

For the stable distribution (stretch), this issue has been fixed in
ioquake3 version 1.36+u20161101+dfsg1-2+deb9u1 and in iortcw version
1.50a+dfsg1-3+deb9u1.

In the unstable distribution (sid), this issue has been fixed in ioquake3
version 1.36+u20170803+dfsg1-1 and in iortcw version 1.51+dfsg1-3.

In the experimental distribution this issue has been fixed in openjk
version 0~20170718+dfsg1-2.

---->8----

Proposed debdiffs attached. OK to upload?

Regards,
    S
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iortcw_1.50a+dfsg1-3+deb9u1.diff
Type: text/x-diff
Size: 23915 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20170810/01ffc7b3/attachment-0002.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ioquake3_1.36+u20161101+dfsg1-2+deb9u1.diff
Type: text/x-diff
Size: 13353 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20170810/01ffc7b3/attachment-0003.diff>

More information about the Pkg-games-devel mailing list